#78

CONTENTS INCLUDE:
n n

About Virtualization Virtualization Stages VMwear Clustering Technologies Virtual Networking Operational Issues Hot Tips and more...

Virtualization
By Edward L. Haletky
Capacity Planning/Analysis Capacity Planning helps you determine how much virtualization is needed in your environment. You will need to minimally know the following attributes:
CPU Utilization/CPU Speed Memory Utilization/Memory Available Page File Utilization Network IO Utilization Disk Utilization/Disk Size/Disk Used Size Disk IO Utilization Location of the Host Owner of the Host Applications Running Operating System

Getting Started with

Get More Refcardz! Visit refcardz.com

ABOUT VIRTUALIZATION
There are several virtualization technologies within the full realm of virtualization. They are:
Type 1 Hypervisors (bare Metal) Type 2 Hypervisors (hosted) Shared operating system bits (containers) Exmaples: VMware ESX, VMware ESXi, Microsoft HyperV, Citrix XenServer Examples: VMware Server, VMware Workstation, VMware Fusion, Microsoft Virtual Server, Parallels Examples: Parallels Virtuozzo Containers, Solaris Containers, OpenVZ, Linux chroot

This Refcard, the first in a multi-part series on virtualization technologies, will cover Virtual Networking for Type 1 Hypervisors, specifically VMware ESX and ESXi.
Hot Tip

These items and many more are picked up by automated tools such as VMware Capacity Planner, Xcedex X-Factor, and Novell Power Recon. Those items with high CPU and IO Utilization numbers need to be carefully considered before virtualizing. The general rule is:
o for VMware Workstation you will achieve 80-85% of hardware speeds o VMware Server roughly 85-90% o for VMware ESX/ESXi you should achieve 90-95% of hardware speeds

A Virtualization Host is an appliance that contains storage, networking, and computer resources

VIRTUALIZATION STAGES
Getting your ducks in a row for virtualization is very important. Those steps are:
Analysis Design/Planning Implementation Reviewing

For High IO Utilization you may wish to consider using VMDirectPath SCSI and Network connections within VMware ESX. Requirements for VMDirectPath devices could limit the number of VMs per Host and increase the number of required PCI-e/ PCI-X slots required per host. Each VM added to a Virtualization Host affects the CPU, Network, and Disk performance of every other VM on the host.

ww w.dzone.com

Analysis
In this stage you are looking at whether you should virtualize or not. Some considerations that need to be made include:
New Hardware Peripherals Special Hardware Do you need new hardware in order to virtualize your environment. If you are virtualizing systems that contain peripherals you may need to purchase additional hardware such as USB over IP devices. Verify that there is something within the virtual environment that could replace any specialized hardware. The available virtual devices include: o Floppy/CD-ROM (CD-RW possible using SCSI device) o CPU/Memory o Video Card (3D not available in vSphere) o Keyboard/Mouse (PS/2) o Network Interface Cards o IDE and SCSI Disk Controllers o Passthru Serial Port o Passthru USB Port (vSphere only; NOT working in vSphere 4.0) o Passthru SCSI Controllers (using RAW device access or VMDirectPath in vSphere) o Passthru Network Interface Cards (vSphere VMDirectPath only) Do you need to invest in different management agents and tools on top of the virtualization software. Do you need to change your licensing for operating systems, and applications. Do you need to invest in new management tools to properly manage your virtual environment. What training do administrators, users, and managers need to go through to use the virtual environment.

Design/Planning
Virtualization using ESX or ESXi is 90% planning and 10% doing. A good design/plan is required. Things to consider for your Design/Plan are:

Get over 70 DZone Refcardz FREE from Refcardz.com!

New Software New Licensing

Virtualization

New Management Training

Hot Tip

Everyday Users should NOT know they are within a virtual environment.
DZone, Inc.
|

www.dzone.com

Virtualization

Service Level Agreements to meet Desired consolidation ratio based on analysis and machine types used Availability and redundancy required for virtual environment Virtual Networking required for virtual environment Storage Networking required for virtual environment Operational issues with respect to the virtual environment Installing ESX Virtual Machines Security required for virtual environment

Resource Pools Resource Pools are containers for VMs that can limit CPU and Memory that the contained VMs can use in total. There exists a Top Level Resource Pool that is the full amount of CPU and Memory resources available to the VMware Cluster. Resource Pools may apply CPU or Memory Limits to a pool of VMs and can also be nested as long as the definitions for CPU and Memory limits are reduced in the inner pools. For example, Pool C within Pool B can be defined with less CPU and Memory resources than Pool B. Lower Resource Pools can be expanded on the fly by borrowing resources from a parent pool. Each Resource Pool also has Shares, Reservations, and Limits. The default settings are as follows:
CPU Shares: CPU Reservation: CPU Limit: Expandable: Memory Reservation: Memory Limit: Normal - 4000 0 MHz (unlimited, expandable) Unlimited (Available MHz) Memory Shares: 163840 0 MBs (unlimited, expandable) Unlimited (Available MBs), Expandable

Consolidation Ratios
Consolidation ratios depend entirely on the workload to be used within the virtual environment. No two companies workloads are the same, run your own tests. On average a host can run 6-8 single vCPU Server VMs per core and 11-12 single vCPU virtual desktops per core. For light loads more is possible. Consolidation ratios in many ways depend on the number of VMs you feel comfortable having in one host. For example, the average could be 30 VMs to 1 host. Depending on your high availability and redundancy requirements you may need 2-3 x the standard number of hosts. Virtualization hosts should contain enough memory so that workloads do not swap and therefore impact performance It should be noted that the performance of each individual VM affects every other VM. The use of VMware Fault Tolerance (FT) will reduce consolidation ratios as FT runs a shadow copy of VMs on other nodes within the VMware Clusters.

VMware Resources
CPU The amount of CPU assigned to any one virtual machine. When there is CPU contention VMware Dynamic Resource Scheduling can move the VM between hosts in the same VMware Cluster. Controlled by the number of CPU shares, MHz Reservation, and MHz Limit assigned to any one VM. The amount of memory assigned to any one virtual machine. When there is memory contention VMware Dynamic Resource Scheduling can move the VM between hosts in the same VMware Cluster. Controlled by the number of Memory shares, RAM, and RAM Limit assigned to any one VM. The amount of Disk IO assigned to any one virtual machine. Controlled by the number of Disk shares assigned to any one VM. The amount of network IO assigned to any one virtual switch portgroup. Controlled by Quality of Service controls per virtual switch portgroup.

A VM placed outside Resource Pools will have more available resources than any VM within a Resource Pool if expandable is not selected. This confuses share calculation as total number of CPU and Memory Shares cannot exceed limits of resource pool into which the VMs and other Resource Pools have been placed except when pools are expandable. Ex. 2 default non-expandable Resource Pools each containing 6 default 1 vCPU, 1024MB VMs:
Total CPU Shares within Resource Pools: Total CPU Shares: Per Resource Pool CPU Shares: Per VM CPU Shares per Resource Pools: 6000 = 6 * 1000 (VMs) 8500 = 2 x 4000 (RPs) + 500 (SC) 4000 = 4000/8500 = ~47% of Host ~666.66 = 4000/6 VMs or ~16.6% of the Resource Pool which is ~7.8% of the host

Memory

Disk Network

VMware Shares, Reservations, Limits Each VM starts with a set number of shares:
CPU Memory Normal - 1000 times # of vCPU shares - 0 MHz (unlimited) Reserved, Unlimited Ex: 1 vCPU = Shares: 1000; Reservation 0 MHz; Limit: Unlimited Normal - 10 times RAM assigned shares - 0 MBs Reserved, Limit in MB of RAM assigned Ex: 512MB = Shares: 5120; Reservation 0 MBs; Limit: 512 1000 Shares Ex: 1 Disk = Shares: 1000 Per Portgroup NOT VM

VMware Clustering Technologies

Disk Network

The Service Console also has shares, reservations, and limits:

Service Console = CPU Shares: 500; CPU Reservation: 233MHz; CPU Limit: Unlimited; Memory Shares: 500; Memory Reservation: 0 MB; Memory Limit: Unlimited.

More VMs adds to the total number of shares for a given host:
Ex. 10 1 vCPU VMs each with 1 GB of Memory and 1 disk given the following number of shares:
Total CPU Shares: Per VM CPU Shares: Total Memory Shares: Per VM Memory Shares: Per VM Disk Shares: 10500 = 10 * 1000 (VMs) + 500 (SC) 1000 or 1000/10500 of system = ~9.5% of the host 102900 = 10 * (10 * 1024) (VMs) + 500 (SC) 10240 or 10240 / 102900 of system = ~9.95% of the system 1000 = 1000/10000 = 10% of the system disk IO

Require the use of Shared Storage such as NFS, iSCSI, or FC-SAN. Will not work with JUST local storage. VMware vMotion. Move VMs from Host to Host without powering off the VM. VMware Enhanced vMotion Capability. Allows for VMware vMotion between systems with slightly dissimilar but within the same family of processors. I.e. Intel and AMD but not between AMD or Intel. This functionality alleviates the need to set per VM CPU masks. VMware Storage VMotion. Move VMs from Datastore to Datastore without powering off the VM. VMware Dynamic Resource Scheduling (DRS). If there is any CPU or Memory Resource Contention either warn operator or automatically move VM using VMware vMotion. VMware Dynamic Power Management (DPM). Experimental in VMware Virtual Infrastructure. Fully Supported in VMware vSphere. Automatically moves VMs from less used Nodes using VMware vMotion so that this cluster nodes can be powered off during off-peak hours, and powered back on during peak hours. VMware High Availability (HA). If there is a VMware Cluster node crash, it will power on the VMs on other nodes of the cluster. Each VM will be crash consistent. Also works per crashed VM not just crashed host. VMware Fault Tolerance. If a VM crashes, VMware Fault Tolerance brings fully online a shadow copy of the VM. Use of VMware Clustering technologies will reduce your consolidation ratios based on your service level agreements.
o When using HA, you will need enough extra resources on your VMware Cluster nodes to run at least a full nodes worth of VMs. o When using FT, each VM takes up two times the normal resources.

DZone, Inc.

www.dzone.com

Virtualization

80% is the magic number. Do not fill cluster nodes more than 80% (CPU, Disk, Memory) to handle sudden spikes in usage. This includes necessary extra resources to handle HA and FT.

hostile nature of this network. 6 pNICS With 6 pNICs some of the overlap disappears and you have enough pNIC to have both a standard virtual machine network as well as a DMZ. With 6 pNICs there are now 3 vSwitches and each pNIC has a specific duty:
pNIC0 handles the Service Console (Management Network and vMotion) pNIC1 handles the FT Logging Network pNIC2 handles iSCSI traffic pNIC3 handles NFS traffic pNIC4 and pNIC5 are used to give redundancy to the Virtual Machine Network.

Virtual Networking
Base component is the virtual switch (vSwitch). A vSwitch is a very simple Layer-2 device with a software CAM table. Virtual Distributed Switch is superset of the vSwitch. A container for identical vSwitches across all vSphere ESX/ESXi Hosts. Virtual Distributed Switches also add the ability to use Private VLANs and other security constructs. Components
Portgroup (vPG) is subset of the vSwitch Portgroups can represent VLANs on physical switches vSwitch connected directly to physical NICs (pNIC) placed in bridged mode virtual machine NICs (vNICs) connect to Portgroups vmkernel ports (those used just by the hypervisor) connect to Portgroups
o o o o o NFS IP Storage used for NFS based Data Stores iSCSI IP Storage use for iSCSI based Data Stores FT Logging used by VMware FT VMware vMotion used by VMware DRS and vMotion ESXi management appliance vmkernel device connects to portgroups per Figure 2.

In general, you want to have separate pSwitches to increase security from Layer-2 network attacks instead of using VLANs. Use of VLANs is a trust that your pSwitches are not susceptible to Layer-2 attacks. When you introduce a DMZ into the mix for 6 pNICS our virtual network looks like our standard 4 pNIC case for all but the DMZ which uses the extra 2 pNICs.
pNIC0 handles the Service Console (Management Network, FT Logging, and vMotion) pNIC1 handles the IP Storage Traffic pNIC2 and pNIC3 are used to give non-DMZ virtual machines redundancy. pNIC4 and pNIC5 are used to give redundancy to the DMZ Network.

ESX service console virtual machine vSwif device connect to portgroups. See Figure 3. Virtual Networking ESX/EXi Networks

Virtual Networking Design Considerations Virtual Networking encompasses redundancy, security, and performance. There should be 2 physical NICs per network/ trunk entering a VMware ESX or ESXi host for redundancy and performance. For the best security results, each virtual network security zone should be connected to different physical switching networks. Less than 4 physical NICs is considered insecure, lacking in redundancy, and will suffer performance degradations. Virtual Switches cannot be layered or connected directly to each other. There needs to be a VM between two virtual switches acting as a router, gateway, bridge, or firewall to connect to vSwitches.
Draw out your virtual network to get an idea of how everything interconnects. Use of SR-IOV or VMware VMDirectPath bypasses the virtual switch and connects a VM direct to the pNIC.

What makes this configuration work with a DMZ is the use of separate pSwitches for each pair of pNICs. This gives the virtual network security and redundancy. However, IP Storage performance can suffer. Bridging between vSwitches The last example network is one where you have a need to bridge between two vSwitches using a virtual appliance. The use of this is for:
Placing a firewall, gateway, or router between two VLANs/Networks Implementing some form of inline Virtual Network Security such as VMware vShield Zones and other non-VMsafe security tools

There is a major Caveat however:

This does NOT work with the Cisco Nexus 1000V vSwitch.

Common Virtual Networking Examples The most common question is how to configure virtual networking with either 4 or 6 physical NICs (pNICs). These examples will assume the following:
All virtualization host networks are required (FT Logging, vMotion, NFS, iSCSI, and Management) There is at least one Virtual Machine Network

The second Portgroup to be bridged (vPG2 in Figure 8) does not need to be:
On the same vSwitch Connected to a pNIC

In addition to bridging between two Portgroups, if the VLAN ID of a portgroup is 4095, it acts as a SPAN port which receives all network packets on a given vSwitch. VLAN Methods within Virtual Network There are three 802.1q VLAN implementation methods within the vSwitch. They are defined by where the trunk of VLANs ends.
External Switch Tagging (EST) Virtual Switch Tagging (VST) Virtual Guest Tagging (VGT) The Trunk ends at the pSwitch and each pNIC on the Virtualization Host has a single network cable representing a separate VLAN/Network The Trunk ends at the vSwitch and each portgroup on the vSwitch represents a different VLAN The Trunk ends at a specific VM. This only works if the VLAN ID of the portgroup to which the VM is connected has a VLAN ID of 4095.

4 pNICs With 4 pNICs there is quite a bit of overlap between all the various networks and network performance would need to be considered. Each pNIC on vSwitch0 has several networks running over it so VLANs or subnets will be necessary.
pNIC0 handles the Service Console (Management Network, FT Logging, and vMotion) pNIC1 handles the IP Storage Networks pNIC2 and 3 are used to give redundancy to the Virtual Machine Network.

Storage
Shared Storage is a requirement for the clustered attributes of VMware ESX/ESXi. Local Storage is often required for Business Continuity reasons.
|

It is best when using less than 6 pNICs to choose to not use this configuration for a DMZ UNLESS pNIC2 and pNIC3 connect to separate physical switching networks due to the
DZone, Inc.

www.dzone.com

Virtualization

Storage for VMware ESX/ESXi implies where VMs may live aka Data Stores. Data Stores can live on:
Local SAS/SATA/SCSI RAID Host Bus Adapters (HBAs) w/LUN formatted as Virtual Machine File System (VMFS) Remote iSCSI Servers (Storage Area Networks) w/o IPsec enabled w/ LUN formatted as VMFS Remote NFSv3 over TCP Servers Remote Fibre Channel SANs (FC-SAN) w/LUN formatted as VMFS

Metadata is changed when a file on the data store is created, modified, accessed (access time), or deleted. ESX alleviates this by limiting the number of simultaneous vMotions and Storage vMotions that are possible. It is possible to perform more than 4 simultaneous actions that create SCSI Reservations. Actions include, but are not limited to:
Open/Create/Delete ISOs on a Datastore Create/Modify/Delete Virtual Machines VMotions, Cold Migrations, Storage vMotions Import/Export VMs as OVFs or using VMware Converter (or other tools of that ilk) Pretty much anything that modifies/creates/deletes a VM.

Data Stores cannot live on:

CIFS Shares NFS over UDP Servers

Storage per Virtual Machine can be of these types:

Virtual Machine Disk (VMDK) which resides upon one of the aforementioned Data Stores. There are several types of VMDKs:

o Zero Thick: Default VMDK creation method on VI3. All blocks of the disk are allocated and zeroed when the VMDK is created. o Zero Eager Thick: All blocks of the VMDK are allocated and zeroed when the VMDK is created. o Thick: All the blocks of the VMDK are allocated but NOT zeroed when the VMDK is created. o Zero Thin: Default VMDK creation method for vSphere. Only the start and end blocks of the VMDK are allocated and zeroed when the VMDK is created. After creation, as blocks are used in the VMDK, they are allocated and zeroed. o Thin: Only the start and end blocks of the VMDK are allocated when the VMDK is created. After creation, as blocks are used in the VMDK, they are allocated but NOT zeroed. o 2gbsparse: Transportable VMDK created using up to 2GB chunks. Each chunk will be a maximum of 2GB and contain only the blocks actually in use within the VMDK. o Snapshot: A Snapshot is a special VMDK that links to an existing VMDK or Snapshot and contains only those Blocks that have changed from the linked and existing VMDK. o Linked Clone: A Linked Clone is a special version of a snapshot that allows more than one VM to make snapshots of a given VMDK.

Operational Issues
The day to day operational issues will impact your virtualization host. These include the following tasks per VM:
Anti-Virus Scanning Spyware Scanning Vulnerability Scanning Configuration Management Disk Defragmentation Full Disk scans should be staggered across all VMs within a VMware Cluster or Host. This is IO Intensive. Full Disk scans should be staggered across all VMs within a VMware Cluster or Host. This is Disk IO Intensive. Vulnerability Scanning without a VM implies using the Network and that could be Network IO intensive; from within a VM such a scan could be Disk IO Intensive. Initial computations of checksums for every file on a system could be CPU and Disk IO Intensive. Full Disk Scans could be Disk IO and CPU Intensive as well. This is an IO intensive application and not recommended when using Linked Clones, as a Disk Defragmentation will touch every block of a disk, even those NOT in use. Thereby allocating the full disk and destroying the benefit of Linked Clones. Patching within a VM has two issues. The first is that it can be Disk IO Intensive. The second is that patches often require a reboot which could cause Disk, Memory, and CPU issues if many VMs were to reboot at once. Stagger such reboots. Without VMotion this task requires that VMs be powered off, moved off the host to be patched and then powered back on. For rolling updates without VMotion this could be many reboots. Without Storage VMotion, patching storage arrays requires powering off all VMs, migrating to other storage, and maybe powering the VMs back on. Use of Storage VMotion could alleviate the need for downtime, if there is a secondary data store available from another array. Package Installation within a VM for many VMs at the same time could cause Disk IO issues. Stagger such package installations. Package Installation within a VMware ESX host does not require anything special. Creation of a VM has a Disk IO intensive component and will cause a SCSI Reservation to be requested. Once the VMDK is created, Disk IO issues cease. Modification of a VM may require powering off a VM and then powering it back on to gain the benefit of the change. This will cause a SCSI Reservation to be requested. Deletion of a VM could be Disk IO intensive for many VMs at the same time. This will cause a SCSI Reservation to be requested.

RAW device or SCSI Passthru device using VMDirectPath or built-in RAW mode. This is mainly used for access to locally attached non-disk SCSI devices but can be used for access to a Local LUN. Raw Disk Map (RDM) disks which are LUNs specifically assigned to the VM from an iSCSI or FC SAN. There are 2 types of RDMs: o Virtual: A Virtual RDM has all the benefits of a VMDK. I.e. Locking is handled by the VMkernel and Snapshots can be created. o Physical: A Physical RDM is a Passthru LUN with no controls applied by the vmkernel. I.e. Snapshots cannot be created. N_Port ID Virtualization (NPIV) is a special case of RDM and is used to setup per VM Zoning and Presentation within the FC-SAN fabric (Only works w/disk LUNs).

Patching within a VM

Patching an ESX/ ESXi host Patching Storage Arrays

Concerns with Storage The major concerns when using storage is Disk Utilization which could translate into Network Utilization when using IP Storage. Disk IO Utilization issues depend on the following:
Disk IO within the VMs As measured from outside the VM. While the in-VM numbers could match the out-VM numbers, the out-VM numbers depend on external clocks. Counters made within a VM expect a CPU to constantly be running within the VM, this is not necessarily the case. The standard thought is no more than 12 VMs per LUN. However, this may change if there are low utilization VMs or high utilization VMs. The size of the LUN will determine the number of VMs that can fit per data store. The common thought is many smaller LUNs (600700GB) instead of 1 large LUN. If you are using a FC-SAN it is important to have the proper Q-Depth number used for each LUN. More spindles per RAID set imply better performance. However, for some SANs over 7 spindles has a performance decrease. RAID-1 is faster than RAID-5 which is faster than RAID-6 (ADG) SSD is faster than FC, which is faster than SCSI, which is faster than SAS which has a higher mean time before failure (MTBF) than SATA.

Package Installation Creation, Modification, Deletion of VMs

Number of VMs per LUN Size of the LUN

Monitoring of VMs within an ESX host falls into different categories and will have different operational concerns. Here are some of the more prevalent concerns:
Performance Performance monitoring depends on CPU counters which depend on the full number of cycles within a VMs vCPU which is not always the case which implies that performance numbers from within a VM is more a gauge then true numbers. Gather performance data from without the VM. The state of the VM, its network devices, etc. can be found within or without a VM. This would occur from within a VM. Security monitoring or auditing must take place from within the VM for Guest OS Hardening, and without the VM for VM specific security settings.

Settings on the HBA Number of Spindles used for each RAID Set Type of RAID used Underlying Disk Type and Speeds

State Inventory/Assess Management Security

Higher speed drives are very important; try to use 15K drives. SSD can have Stutter so it is important to get high quality SSD devices. SCSI Reservation Conflicts When using FC-SAN or iSCSI Servers the most important item to avoid is SCSI Reservation Conflicts. SCSI Reservations occur when there are modifications to the metadata for any non-NFS data store.
DZone, Inc.
|

vSphere APIs can be used to improve overall monitoring. The APIs are:
vNetwork vStorage Virtual Network API used by the Cisco Nexus 1000V switch. Network monitoring would occur at the vSwitch level and be performed without the VM. Virtual Storage API used by the EMC PowerPath VE product allows storage vendors to use the multipath plugin functionality to provide functionality and gather better disk IO statistics. Anti-virus and Anti-spyware vendors can also directly read a VMDK without the VM needing to be powered on.

www.dzone.com

Virtualization

vCompute vMemory VMsafe

Virtual Compute API can be used to gather better performance numbers for individual VMs or vCPUs. Virtual Memory API will be used by Anti-Virus and Anti-Spyware vendors to quarantine reads and writes to parts of the memory of a VM. VMsafe moves Security monitoring into the VMkernel. The most common use as of now is to provide virtual firewall at the vSwitch level and not as an inline device between virtual switches.

/ Swap /home /tmp /var /var/log

2048 1600 2048 2048 4096 4096

Installing ESX
Installing ESX is a 19 step process with only 1 step being the actual installation.
1. Read the Release Notes. Always important as it contains information that may be necessary to know for installing ESX/ESXi. 2. Read all relevant documentation (including the ESX Installation Guide, Storage Array Documentation, etc.) Read the Fine Manuals as they have important information to know on configuring ESX/ESXi or storage devices. 3. Verify that your Server, IO Devices, etc are on the VMware HCL. The VMware HCL contains information on what levels of firmware, location of drivers, and other necessary to know information prior to installation. 4. Run Vendor diagnostics for at least 24 - 48 hours ignoring all disk timeout tests. VMware ESX/ESXi taxes hardware like no other operating system. It is important to have good working hardware to start. 5. Run memtest86+ for at least 24 - 48 hours. Memory issues will cause crashes to your ESX/ESXi host. Always verify. 6. Upgrade firmware to at least the minimum supported levels--usually the latest. This information comes from the HCL. Down level firmware and BIOS could cause difficult to debug crashes of ESX/ESXi. 7. Verify the BIOS settings for the server are appropriate according to the hardware vendor documentation. Incorrect BIOS settings will deny the ability to use EVC, run 64 Bit VMs, and cause difficult to debug crashes. 8. Determine Boot Disk location: Local, SAN, or iSCSI? Boot From SAN while possible is not always recommended. But often requires special Storage configurations to make happen. 9. Retrieve VMware ESX/ESXi server licenses. Needed during install, but could be added after the fact. 10. Retrieve Virtual Machine License and installation materials. Only necessary if installing VMs immediately. 11. Retrieve Service Console/Management Appliance network information (Static IP Address, Hostname and Fully Qualified Domain Name, Network Mask, Gateway, and DNS server addresses). Necessary to perform install. 12. Retrieve VMkernel network information (Static IP Address, Network Mask, and Gateway). 13. Determine service console swap size and thereby the service console memory size. Generally the swap size is 2 x memory size. The maximum size is 2000MBs. 800MBs is the recommended size of Service Console memory. 14. The virtual networking required (drawn out for easy implementation). Your virtual network diagram/design is required to configure your host and will help with installation. 15. vSwitch Portgroup/Network labels to use within the virtual network. Common portgroup labels are required across all your VMware ESX/ ESXi hosts within the same cluster. 16. VLANs required for each vSwitch Portgroup. If you are using VST you need to know your VLANs as one may be needed during installation. 17. Determine your file system layout (vSphere requires minimally 10GBs of space). vSphere places Service Console VM within a VMDK on its own VMFS. Not enough space to create this new VMFS is a cause for upgrade failures.
File system /boot Minimal Size (MBs) 200

18. Collect World Wide Port Names if using FC-SAN HBAs. This is necessary to zone and present LUNs to the ESX host. 19. If necessary, configure FC/iSCSI HBA for boot from SAN. For Boot From SAN you are required to configure the FC/iSCSI HBA to enable disk boot BIOS to be available.

At this time you have enough information to install VMware ESX or ESXi. There are some post install steps to take as well:
1. Connect to the ESX/ESXi host for the first time and create administrative user (non-root). 2. Install any additional ESX or ESXi packages. 3. Join ESX/ESXi host to vCenter Server. 4. Configure Virtual Network. 5. Configure Data stores.

Virtual Machines
Virtual Machines are comprised of the following virtual hardware devices:
IDE Controllers SCSI Controllers Used for IDE Disks and CD-ROMs. Up to 4 devices available. o BusLogic o LSILogic o LSILogic SAS (vSphere Only) o Paravirtualized SCSI Driver (PVSCSI) (vSphere Only) Up to 4 SCSI Controllers available per VM. PVSCSI driver can only be used for NON-Boot Disks. VMDirectPath SCSI is also available. o AMD PCNet32 o Intel e1000 o Paravirtualized vmxnet o Paravirtualized vmxnet3 (vSphere Only) Up to 10 vNICs available within vSphere, only 4 within VI3. vmxnet3 required to achieve 10GB speeds. Without the VM, Flexible Network Adapter is selected. Driver within the VM determines what device is in use (PCNet32 or vmxnet). Guest Operating System in use will determine if e1000 is available. Per the formats given under the storage subsection. Up to 4 IDE CD-ROM or Disks available. Up to 60 SCSI Devices available 4 controllers w/15 devices each. Using SCSI Passthru or VMDirectPath to access attached SCSI devices like Tape Libraries, Tape Drives, and other SCSI devices. SCSI ID within VM should match SCSI ID of SCSI Passthru device. Up to 4 CD-ROM and IDE disks allowed. Up to 2 Floppy devices allowed. Up to 64GBs available. 1, 2, 4, or 8 vCPUs available. 8 vCPUs requires Enterprise Plus licensing for vSphere.

Network Controllers

IDE or SCSI Disks

SCSI Devices

IDE CD-ROMs Floppy Memory CPU Keyboard Mouse Video Monitor Serial Ports USB Devices (vSphere Only, does NOT work in ESX/ESXI 4.0)

Memory for Video graphics adapter shared with Guest operating system assigned memory. Passthru to the Virtualization Host serial port using service console serial port pipeline. Passthru to the Virtualization Host USB devices.

Virtual Machines also contain the VMware Backdoor

Allows Virtualization Host to query parts of the VM without using the network. Allows VM to control some aspects of the virtualization layer such as connected state of certain devices (CD-ROM, Network, and Floppy) Impossible to remove, it is ALWAYS there.

DZone, Inc.

www.dzone.com

Virtualization

Devices not in the list of available devices can be connected to a VM through other means:
USB over IP devices Used to give VMs access to
o o o o Modem Banks USB Security Dongles Shared Printers etc.

another host is supported over IP. This depends on the Guest OS not ESX or ESXi.

Security
Security is incredibly important. Work with your Security Team. Please follow one of these security guidelines:
VMware Hardening Guideline CIS Security ESX Benchmark DISA STIG for ESX

Serial over IP devices Used to give VMs access to serial devices such as modem banks Remote Desktop Protocol Pass Thru VMs can send sound to RDP workstations VMs can see personal USB devices VMs can participate in physical security requirements such as Common Access Cards etc.

It is also recommended that you read the following:

VMware vSphereTM and Virtual Infrastructure Security: Securing the Virtual Environment published July 2009, Copyright 2009 Pearson Education. Top Virtual Security Links

Any network method to transfer a device from one host to

ABOUT THE AUTHOR Edward L. Haletky is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development. Edward is also a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions, prolific blogger, and is working on new books on Virtualization.

RECOMMENDED BOOKS
The Most Complete, Practical, Solutions-Focused Guide to Running ESX Server 3. VMware ESX Server in the Enterprise is the definitive, real-world guide to planning, deploying, and managing todays leading virtual infrastructure platform in mission-critical environments.

BUY NOW
books.dzone.com/books/vmware-esx-enterprise
As VMware has become increasingly ubiquitous in the enterprise, IT professionals have become increasingly concerned about securing it. Now, for the first time, leading VMware expert Edward Haletky brings together comprehensive guidance for identifying and mitigating virtualization-related security threats on all VMware platforms, including the new cloud computing platform, vSphere.

Buy Now
books.dzone.com/books/vmware-vsphere

Bro

ugh

t to

you

by...

Professional Cheat Sheets You Can Trust

Exactly what busy developers need: simple, short, and to the point.
r

#8
z.co m

it ! V is arz

E: LUD IN C y TS bilit EN onsi NT esp CO of R in Cha and m Com reter rp Inte tor ... ore Itera tor dm dia d an Me rver tho se Me S Ob RN plate TTE Tem
n n n n n n n

ired Insp e by th GoF ller se Best

ns tter Pa sign De
Cha in e of R ns spo ibil ity, con tinu ed
re le a que st an d th ndle e ha ue req r doe snt st w ith th e ha

nald cDo nM Jaso By

have to ndle

James Ward, Adobe Systems

one

DZone communities deliver over 6 million pages each month to

C

e to th nce in fere ted k re s lis ctquic PA s, a es a bje ern IGN tt vid s, le O pro n pa DES sab iagram . UT fcard F) desig of Reu r ple s re ss d o ABO oke xam ents des cla ttern our (G Inv de h lem n Pa of F worl suc s: E inclu esig cts D ang attern real ern is D AN Th P obje enting 23 G patt , and a uct MM inal Design . Each m nd str tion ple CO orig ma k re con rma om ir im boo Softwa nt teC d to info the cre Clie the d Use om age nd Con () ns: d fr ente on, us ma ct cute Ori tter Com ) uple s obje nati ( +exe low l Pa eco is al rge cute ch xpla ona ed la e . Th s su . ati nb +exe bject nship form bjects Cre y ca an o tio e d to rate o d as ed rela ms, t th eate Use rith tha e tr ject bas . . ispa ns: lgo b to b er jects lly o g it stem tter many d ge a iv b sy win ona Pa ana allo traditi Rece en o ers. ral en uest ord to m betwe ctu twe req ndled in riant n. sa sed s Stru s be an . in va late catio e ha s: U ilitie psu at c invo to b llbacks es or cture the Enca quest s th ttern sponsib d ca stru nt tim lity. ling re g l Pa ship ng an tiona at varia the hand pose ssin func ueui tion iora , and re ject Pur led k roce to be ob av as q rela us p llbac be hand ed. y the Beh nships n be ed rono tionalit y need ject ed ca to from ch ne b d ca an tio You ne s need asyn func sts is couple ith o that st the rn the without n it is rela que ar ls w ate ips Reque y of re be de cilit d patte ssing entatio particul nsh or Dea e. ould ce Use to fa an r sh A hist pro implem ents its ting. n latio pe: pe used e comm voke for ec m Whe ntim s re al Sco ely toty The in exp th ueue actu d imple wid clas Pro ject ed at ru ue is are utilizing a job q of the ue C Ob ues with y e que the que g to en dg que s. B an en als xy . Job orithm be giv knowle that is terface Pro e ch : De e time g ct b n e in S r le of al ed ca to have d obje of the er mp cop pil rato ut an Exa serv nes ss S at com exec e queue comm Deco Ob confi S Cla e th B d the n . Th for de nge king leto ithin invo hm w Faca cha Sing od tory
n n n n

nd le a outc ay ha an tial hand sm hen oten ject le to . .W le p le ob tern ethod bject be ab tab pat ultip ecific o should cep n M this if the m up the s sp an ac d e ents ject ime. d is be a lem ks to se e passe de to of ob at runt handle imp b Use ec set til co t ld ch ges n A n ined being shou peats un paren ime ngua erm Whe not e la the runt or if it det ore s re uest som d tion proces e no m req g in metho cep n A e e ar a ndlin e ex ack th ther n ha rown in ndle th ll st until ptio th e ca Exce ion is sm to ha up th tered or ral un le cept echani passed avio co ex mp Beh . is en am Exa hen tion uest to has ack. W ject q cep st Ob e re e ex call le th nd th hand s to ha ct obje

ome.

Upcoming Titles
RichFaces Agile Software Development BIRT JSF 2.0 Adobe AIR BPM&BPMN Flex 3 Components

Most Popular
Spring Configuration jQuery Selectors Windows Powershell Dependency Injection with EJB 3 Netbeans IDE JavaEditor Getting Started with Eclipse Very First Steps in Flex

re f c

Download Now

a rd

Refcardz.com

Get

Mo

ef re R

DZone, Inc. 1251 NW Maynard Cary, NC 27513 888.678.0399 919.678.0300

ISBN-13: 978-1-934238-62-2 ISBN-10: 1-934238-62-7

50795

.com

ww

more than 3.3 million software developers, architects and decision

S S

z w. d

Fac ract Abst r pte Ada B e ridg

makers. DZone offers something for everyone, including news,

B

Y tutorials, cheatsheets, blogs,IBfeature articles, source code and more. ILIT NS

S

f in o ty Cha nsibili o Resp d man om C B site po Com

Me

diato m

Me

ento

Ob
or

ject

Beh

avio

ral

O AIN DZone is a developers dream, says PC Magazine. CH F

>> ace terf r <<in andle () H uest req ndle +ha

P RES

succ

ess

Sponsorship Opportunities sales@dzone.com

9 781934 238622
Version 1.0

Copyright 2009 DZone, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, 2 ler nt and Clie photocopying, or otherwise, without prior written permission ConcreteHqpublisher. Reference: of the uest ( )

ern

Con

cre

teH

and () uest

1 ler

+ha

ndle

re

hand

le a

req

uest

ki by lin

ng

ww

z w.d

one

.c o

$7.95

Build

er

Meth tory Fac t eigh Flyw ter rpre Inte B tor Itera

State

algo

rit

Stra

y od Meth plate Tem teg Visit or

Refcardz Feedback Welcome refcardz@dzone.com